At 08:11 PM 5/5/2000 -0700, Ronald F. Guilmette wrote:
>And how exactly is the recipient/victim supposed to tell the difference
>anyway? The answer is simple. You can't.
And, therefore, the only possible solution is to treat them in exactly the
same manner. Complain to their ISP, turn them into spamcop, etc.
Companies like Apple are, of course, big enough to ignore such complaints.
How do you tell if someone put your e-mail address into the subscriber web
site? Or if they gleaned it and put it in themselves? I firmly believe
that that has happened to me a number of times (spammers set up an e-mail
web subscribe list, gleaned addresses and subscribed me). Of course, they
never keep records.
I've heard tell of at least one modern version of "upyours" that has built
into it a list of several hundred non-confirming web interfaces. It is
probably a rumor, as I've never seen the code. Would it be hard to write?
As pointed out, no. At the very least the CGI should insure it is talking
to a browser that can return random hidden fields or some such stratagem.
I personally resisted adding confirmations for a long time since I have no
"techie" lists. I finally realized that it was a disservice to the
Internet at large to do so. At one point, I was being used as the relay
for 3-4 "upyours" attacks per day. The pattern was simple - someone would
be subscribed to every mailing list on my server and then the address would
go dead - (or not - some people simply kill filed the mailing lists and let
them get downloaded and deleted every day.)
In net time, this seems a long time ago, years now. Since then, I've done
stuff to make life easier for the point-and-clickers, by giving them a
clickable token that allows them to subscribe to *all* mailing lists, (by
e-mail) and clickable subscribe confirmations. I don't feel like I should
You might be a redneck if --
Your BBQ has its own license plate.
Nick Simicich mailto:njs @
http://scifi.squawk.com/njs.html -- Stop by and Light Up The World!